Wednesday, September 17, 2014

We just improved LocalBitcoins Affiliate Program a little bit. Now you can get a CSV, which includes information about your converted users. Also a short list of your latest converted visits are included on the affiliate page. Using this info, you can improve your targeting.

Next we plan to implement a tracking pixel for the affiliate program. If you have ideas or feedback related to the affiliate program, comment below!

Tuesday, September 2, 2014

LocalBitcoins site has now a new user reporting feature. You can find the user reporting link from the public user profile page. The new feature makes it easier to report suspicious users, though this option has been always available through the support ticket system.

LocalBitcoins support team checks the reported users and may take necessary action to suspend the user account if there is evidence of breaking the site rules and good trade etiquette. Potential reasons to report a user may include

Monday, August 25, 2014

Gift cards are a nice way to buy stuff froom your favourite store, which doesn't accept bitcoin yet. There has been some gift card trading on LocalBitcoins, but now we have added couple of new features which should make gift card trading much easier.

Contacters can select the amount with dropdown.

Several Gift Card types have been added, you can also select the generic option and name your own.

Monday, August 11, 2014

It has been a long time since there have been any news regarding our ATM project which aims to provide automatization for converting cash to bitcoins and vice versa. Another perks of the Localbitcoins ATM:s are the moderate price and the fact that the device works completely offline. ATM:s are integrated to Localbitcoins website, and the actual bitcoin trade happens on Localbitcoins.com; the ATM only takes care about the fiat handling.

There have been two beta versions of these ATM:s in real life testing at the center of Helsinki, Finland. One of them is in a bitcoin accepting restaurant and another one in 24h kiosk. So far there haven't been any major problems, and minor ones have been carved out during the testing process. If you are visiting Helsinki, you can find those ATM:s from here, and here.

Expect to see more of these ATM:s soon, since we are getting our first production batch out soon, and we are putting one of them on the bitcoin tour, held by Finnish bitcoin company Bittiraha.fi. They will be driving around Finnish archipelago and testing how well Localbitcoins bitcoin ATM performs on the road.

Eventually you will be able to purchase these ATM:s directly from Localbitcoins website. The price of the ATM's is 1500 eur + VAT and shipping costs.

Specifications of the ATM

Buying process: Buyer feeds banknotes to the machine, and gets a secret code in return. The code is used to claim the corresponding amount of bitcoins to your localbitcoins.com account. The exchange rate is defined at the moment the code is used.

Selling process: Seller logs in to his/her localbitcoins account, and goes to the URL of the ATM he/she aims to use for withdrawal. The seller selects the amount he/she wants to withdraw from a dropdown menu. After selecting the withdrawal amount, corresponding amount of bitcoins are reduced from the seller's localbitcoins wallet and the user will receive a code, which is given to the ATM through the keyboard. After the code has been inserted, the ATM will give corresponding amount of notes to the customer.

Accepted bills: All banknotes where the size is inside of the range (width) 60-82 millimeters, and (length) 115-150 millimeters. The device can accept 6 different kind of bills from the selected currency. The device can be programmed to handle almost any known currency, but only one can be used at the time.

Tuesday, August 5, 2014

Since August of this year, stores accepting bitcoin payment have been emerging in Kexing Science & Technology Park, Shenzhen, where is full of Internet companies. These stores are mainly restaurant. In China, the central bank stated that bitcoin is not currency, but admitted that trading with bitcoin is legal. Although China is one of the biggest markets for bitcoin trade, its bitcoin payment market is still on infancy stage.

Stores: Currently bitcoin payment volume is still small

On the Yuanwei street of Kexing Science & Technology Park, several restaurants have accepted bitcoin as payment. Since the business is just started, cashiers are not familiar with the payment process yet. For example, 'Accept Bitcoin' label has been put on the front door of Cafe de Flore. However, when customers ask if they can pay with bitcoin, cashiers are still muddle-headed. They need time to skilfully process bitcoin payment.

As to Maggies's Club, another bar on the same street, the cashier clearly expressed that they accept bitcoin payment, but customers need download a third bitcoin payment platform, 'Btct' App. Customers transfer bitcoin to their Btct account to finish payment, which is like Paypal in Bitcoin world.

The CEO said she likes the convenience of third payment platform, which has no big difference from Group-Buying platform. Launching bitcoin payment for her bar is icing on the cake, and at least can attract btcer to expand customer pool, even though currently the volume is still very small.

Payment Platform: Still on user development stage

In December of last year, the statement of Central Bank of China has emphasised that bitcoin is not real currency, and forbidden financial institutions and payment institutions to price products or services with bitcoin, but admitted the legitimacy of trading bitcoin, which made bitcoin purely an investment product in China. After experiencing ups and downs, bitcoin price is stabilising between 3589.00 ~ 3634.92 CNY. Bitcoin payment in physical store is still rare. Some bitcoin insider claimed that currently the number of physical stores accepting bitcoin in China is less than 30.

As a third payment platform for promoting bitcoin, the main purpose of Btct is to change the atmosphere of bitcoin speculation in China to the original nature of bitcoin as a payment method. One of the co-founders of Btct said although the number of physical stores accepting bitcoin is still small, Shenzen where has strong Internet cogitation has advantages to promote bitcoin payment. Moreover, Btct provides CNY exchange, which shares the risk of bitcoin fluctuation.

Wednesday, July 30, 2014

It is now possible to access the LocalBitcoins API using HMAC authentication instead of OAuth 2. This new authentication method is more suitable and secure for your own scripts and non-distributed applications. We suggest to use it whenever possible.

API tokens will now also reset on account security changes. If you change your password or if you enable login guard or two-factor authentication, the API access credentials are reseted. This means deleting all API clients, tokens, and authentications.

In the future, console authorization of OAuth 2 will be disabled and all who use API for scripting access are recommended to migrate to HMAC authentication.

Wednesday, July 16, 2014

LocalBitcoins has released a faster and safer way to sell your Bitcoins: Quick sell. The new feature is especially helpful when paying bills with Bitcoin.

Quick sell is visible in your dashboard after logging in.

How quick sell works

Start by selecting payment method, currency and country (if required). Next, choose the amount you wish to sell. At this point, Quick sell shows the estimate how many Bitcoins would be needed for the transaction. Finally fill in the required details and click “Send trade request”.

Quick sell goes through all matching LocalBitcoins bitcoin buy advertisements from reputable traders. It chooses the advertisement with the best exchange rate and then makes a trade request .

The bitcoin buyer pays the transaction with the payment details you provided. If you have bills you can directly give the bill payment details in the quick sell form. (This works very well with national bank transfers, but may not be available in every country yet.)

Please note that some advertisements require SMS verification and other verifications - enable them to get access to advertisements with better prices.

Friday, July 11, 2014

Login guard is the latest account security feature on LocalBitcoins. If your LocalBitcoins account is being accessed from a web browser or a device not seen before an email confirmation is required when logging in.

Login guard is automatically enabled for all new users. The old users can enable the login guard in their profile settings. Login guard is effective protection against phishing attacks and we hope to see the reduction of successful phishing attacks targeting new users.

LocalBitcoins works actively towards making it safer to purchase and use bitcoins. During this year there has been visible increase in attack against bitcoin users in all majorbitcoinservices and local bitcoin wallets stored on your computer.

Below are some highlights of LocalBitcoins security progress.

Two-factor activation rate progress

The above chart shows the percentage of the LocalBitcoins users who activated two-factor authentication after the email verification. One can see there is clear progress going on and educating the new users is working. Some methods how we have achieved this are explained below.

A security brief for new users

After the email verification every new user is presented a choice for two-factor activation. We cannot force the users to activate the two-factor authentication, but we very clearly state one should do so.

Weak account security is highlighted

If the account security settings are weak this fact is highlighted to the user all the time they are logged in.

Two-factor email reminders

If anybody has bitcoins in their wallet and never activated two-factor authentication a reminder email is sent.

Monday, July 7, 2014

After the South Korean payment gateway giant, Galaxia Communications, announced to join Bitcoin payment method, thousands of websites from South Korea will embrace Bitcoins. Galaxia Communications is one of the top three online payment companies in South Korea. This company has more than 10,000 customers both inside and outside of South Korea. It also is the top seller for mobile gift card and coupon in South Korea. The cooperated Bitcoin payment processor is Coinplug, which provides technology support for Bitcoin transaction. The vice president and COO of Galaxia Communications, Yongkwang Kim, said the first time he heard about Bitcoin is just last year. Now he already has his own Bitcoin wallet. Kim also stated that persuading other staff of the company to accept Bitcoin is still challenging, since there is lots of negative news about digital currency, which makes bitcoin look unreliable. Kim also emphasised that there is no big problem in technical implementation:"We have operated many other payment methods. The operation of Bitcoin payment is relatively easier."Source: http://www.8btc.com/koreans-have-thousands-new-online-bitcoin-opportunities-thanks-galaxia

Monday, June 30, 2014

When Bitcoin is rejected by giant technology and Internet companies which are qualified with finance business in China, the game platform UCAN under Culturecom, co-founded by Jay Chou, one of the most famous superstar in Asia, believes that Bitcoins, as a transaction channel, will especially benefit SMEs. The CEO Cheng Peng said the zero transaction cost of Bitcoin is much more attractive than credit card.

The CEO also pointed out that if mobile game companies publish games through iTunes, they need pay one third of their revenue to iTunes as operating fee. If customers use Visa or Master card for payment, companies also need to pay 3% - 10% of their revenue as cross-border service fee. After the payment, game companies usually can only get 10% of the revenue for profits. Although there are other open publish channels like Google, the limited operation of Google in mainland China will affect sales. On the contrary, with zero cost and open environment, Bitcoin largely attracted game companies as a transaction channel.

Although supervision authorities in mainland China forbid financial institutions and giant IT companies from being involved in or using Bitcoin, Cheng Peng believes that this instead is an advantage for SMEs to explore Bitcoin transaction. When dealing with Bitcoin, since supervision authorities regard Bitcoin as commodity, UCAN will categorise Bitcoin to inventory in financial statements.

UCAN planned to launch Bitcoin payment for mobile game in July or August. The next step is to promote Bitcoin to offline products and Apps. Cheng Peng emphasised that his company will not speculate or arbitrage Bitcoin, but only use it for daily business transaction.

Tuesday, May 27, 2014

Finnish academic male choir KYL has been touring Japan. The tour included 5 concerts, from which 4 were fully booked. The tour also included lots of other finno-japanese cultural exchange.

The special kicker in this case was that at the same time, the Choir was spreading Bitcoin propaganda to Japan, as LocalBitcoins was sponsoring the concert. LocalBitcoins was prominently displayed in the tour t-shirts, as well in the concert promotional material.

At the same time, Japanese translation was made to LocalBitcoins, making it more usable for Japanese audience.

Thursday, May 8, 2014

LocalBitcoins is proud to announce automated trading support on both online and local trades. Previously only buying Bitcoins with cash was supported through API.

In addition there is a full dashboard API available to cultivate and monitor your currently active and past trades.

The expanded API is available immediately. Please refer to the API documentation for the up-to-date details.

The API enables faster, more reliable trading. You can use the API to automate and enforce your business logic and earn more, or just to lose the hassle in filing the tax report.

Your feedback is important in the direction and focus of the development of the API. Please do continue to contact about your issues and wishes about the API as well as about your use cases either to our support form or by joining our chat.

Saturday, May 3, 2014

LocalBitcoins received a very dangerous attack against the site infrastructure on Saturday 3.5.2014.For now

All user data and Bitcoins are safe;

The site will be down for a while as the system is being rebuilt

Details

LocalBitcoins hosting provided received a request to restart the LocalBitcoins.com website server and give access to the server console (root) on Sat May 3 13:32:27. LocalBitcoins team did not initiate this request. For now, it looks like the request was made using spoofed email addresses and other weakness in the hosting provider support system.

LocalBitcoins team was alerted about the abnormal activity when the hosting provider restarted the server.

The attacker gained a root access to the server for ~40 minutes before the attacker was kicked out and the server shutdown.

All data on the website server is encrypted. Manual actions are needed to make this data readable, so the attacker could not gain access to the data even when having a server console access.

It is very unlikely that the attacker gained access to any data; LocalBitcoins is still performing full investigation on the matter.

Bitcoins in hot wallet and cold wallet are safe, as LocalBitcoins runs its bitcoind and wallets on a separate server.

LocalBitcoins team has started to rebuild the website server on fresh hardware.

LocalBitcoins team will make further announcements when the investigation proceeds and the site becomes available again. We expect to spend at least 24 hours on this. LocalBitcoins team apologizes the issues the downtime may cause to the users.

One would think that male choir signing and Bitcoin don't have much in common, but that is about to change. In an effort to promote Bitcoin to the vocal music enthusiasts, LocalBitcoins is supporting the KYL male choir tour to Japan.

The tour consists of four cities, including Hiroshima, Takamatsu, Saku and Tokyo.

The repertuaire includes Japanese songs, traditional finnish songs as well as international classics. Style ranges from pop to national romantic.

Tickets for the first concert, held in Helsinki, Finland can be acquired with Bitcoin. It is not yet known if tickets can be bought for Japanese concerts in BTC, but hopefully we will figure out .

LocalBitcoins.com will also be translated in to Japanese, to spread the Bitcoin adoption in Japan.

Friday, April 25, 2014

Bitcoin users are high value targets for cyber criminals. Thus LocalBitcoins is improving the site security continuously to keep Bitcoin community safe. Please read in this blog how to secure your LocalBitcoins account and what LocalBitcoins team is doing to keep up the security.

Keep up your basic security

Here are some basic rules for securing your user account.

Enable two-factor authentication, either by mobile app or paper codes. More than 99% of the attacks against you can be prevented with two-factor authentication. It takes only few minutes to set it up.

Do not share your password across different websites.

Do not publish your email address, associated with your LocalBitcoins account, on any website. Do not get involved transactions outside the LocalBitcoins site messaging, e.g. in Skype. The malicious users often use these channels to circumvent the security features present on LocalBitcoins.

Do not use the website from a shared computers or devices, like ones in public internet cafes, as they may have keyloggers installed to steal your user credentials.

Always when logging in to the website, read the browser address bar and check that you are logging into https://localbitcoins.com and not a phishing domain. Make sure the spelling is localbitcoins.com exactly, as the phishers, especially email phisheres, often register domain names resembling localbitcoins.com domain name.

If possible when accessing user accounts with Bitcoin wallets, do this from a dedicated computer you have reserved for financial tasks only. Do not use this computer for other tasks. Do not install third party software and browser addons you cannot trust 100%. This greatly reduces the risk of getting malware infection on the computer.

Keep most of Bitcoins safe offline in a cold wallet. We recommend specialized Bitcoin wallet applications like Electrum for this purpose.

New LocalBitcoins security features

We have rolled out some new user facing security features this week.

You cannot use the same LocalBitcoins logged in session across different IP addresses. This prevents session hijacking attacks against LocalBitcoins users, but may also cause minor inconvenience for the legit users. This is especially case if you use LocalBitcoins on a mobile device where your IP address may change often.

LocalBitcoins may interrupt your normal website actions in the case there is a chance that the action might not be started by the legit user account owner. In this case you will get an email verification to ensure that it was you who really wanted to perform the action.

Some latest security threads affecting Bitcoin users

Here are some latest threads Bitcoin community has found targetting Bitcoin users. Keep your eyes open for these.

Friday, April 18, 2014

LocalBitcoins received a lot of media attention on the 17th of April 2014 regarding claimed security breaches. On the 17th April, 98% of LocalBitcoins trades where conducted without an opened support ticket. LocaBitcoins have been operating since summer 2012, being one of the oldest living sites for exchanging Bitcoins. There has been one known site security breach in the past (summer 2013) where the loss of Bitcoins could be due to an issue on the site.

LocalBitcoins team did not found any evidence of compromised site security.

Claimed two-factor authentication breach

LocalBitcoins allows its users to protect their user accounts with two-factor authentication. In two-factor authentication you need an additional one time token to operate your user account besides knowing your password. Two-factor token generator is stored separately, so that in the case your computer gets compromised the attackers cannot operate your user account with only knowing your password, which has been hijacked either by extracting it from the computer memory or keylogging.

During the history of LocalBitcoins, there have been now two claims (including this one) where the user claimed loss of Bitcoins and the two-factor authentication was enabled before the incident.

In the case of user don4of4, the following is what happened.

21. March 2014, the user activates his/her user account

21. March 2014, the user conducts series of trades, using a desktop browser

16. April 2014, the user conducts series of trades, using a desktop browser

17. April 2014 03:52, the user activates the two-factor authentication, using desktop browser

17. April 2014 12:40, the user does his/her first two-factor login using an Android device

17. April 2014 15:45, the user Bitcoins are transferred away using the two-factor codes and login session the user opened earlier. This request came from a Tor browser, as opposite to the user's Android device.

17. April 2014 ~17:00, the user posts to Reddit claiming that the LocalBitcoins security is compromised

17. April 2014 ~17:00, the user open a support ticket for resolving the incident

The user has admitted storing his two-factor codes on the Android device. In this case if the user used this particular Android device to access LocalBitcoins and the device was compromised, the attacker gained access to user password, user session id and two-factor codes. Furthermore, it was reported on the Reddit that the credentials of this particular user have been found on known compromised user account lists spreading in the Internet.

If one needs to operate LocalBicoins site from a mobile phone, LocalBitcoins offers a paper codes based two-factor authentication which is based on printed one-time passwords. Even if the mobile device is compromised the attacker cannot gain access to the physical printed paper.

This cannot be clickjacking or XSS attack, because the user must always give their password or two-factor code to operate the LocalBitcoins Bitcoin wallet. An automated attack possessing only the user session id is not possible.

In this case, the request for transferring Bitcoins from the users wallet came from an different IP address the user used to log in to the site. LocalBitcoins currently does not use session fixation to an IP address as a further layer of security. However if the attacker is in the control of the device of the user, the attacker can also use this device and its same IP address to make requests to LocalBitcoins. LocalBitcoins team will further discuss whether session fixation to an IP address should be enabled for some users.

This case is also very unlikely to be an inside job. LocalBitcoins logs all the actions done by its support staff and developers to an audit log, so potential abuse of staff privileges is easily uncovered. Two-factor authentication codes and passwords are not accessible by the support staff. Furthermore, it would not be very rational for an insider to attack against one particular user and his/her wallet only if the insider would have access to all wallets.

Due to media reporting of the case, the users where panicing and moving their Bitcoins away from LocalBitcoins. Most of Bitcoins stored on LocalBitcoins are in cold storage. Even if the LocalBitcoins servers were compromised, the attackers would still not get access to stored user Bitcoins. When the LocalBitcoins hot wallet was being emptied due to high volume of withdraws, the withdraws started to delay. LocalBitcoins choose not to top up the hot wallet until the incident is investigated.

Other claimed Bitcoin losses

On the week of 17th April, 11 separate incidents of claimed Bitcoin losses were reported. In these cases the pattern is that the user bought Bitcoins on LocalBitcoins and then there was a Bitcoin transaction which the user claimed he/she did not make himself/herself.

LocalBitcoins security automatically blocks automatic logins and attemps to log in if one particular IP address seems to behave malicious. However if the username and password is known by the attacker and two-factor authentication is not enabled, then it is not possible for LocalBitcoins to differetiate between legit logins and logins done by the attacker.

So far we have found one systematic and recent attack against LocalBitcoins users, and right now it seems that the amount of users attacked have been under 30, and amount of bitcoins reported has been less than that. The common pattern between these cases has been that prior the transaction there have been login to the account, and the fact that none of the users affected had 2-factor authentication enabled. Most likely explanation to these attacks have been stolen user credentials through phishing or malware. So far nothing indicates that this have been a security flaw on the website itself, but we are going to continue investigating the case.

There have been also two or three isolated cases which does not necessarily fall directly to this pattern*, and those case still need more research before anything can be said from them.

We will continue investigating these cases during the weekend, and meanwhile outgoing transactions might be delayed, since we try to minimize cold storage movements until everything is sorted out. We apologize all inconvenience affected.

*) edit: There have been claims that users with 2FA have been affected. So far we have received three this kind of reports in total during last month, and some further investigation is required before we can draw too many conclusions about these cases.

Tuesday, April 8, 2014

LocalBitcoins has updated its servers to fix OpenSSL Heartbleed vulnerability this morning.

The downtime was due to necessary security updates related to the Heartbleed bug. This is a serious security issue affecting most of the Internet. The issue was disclosed some hours ago.

We apologize for any inconvenience caused by this incident.

Advertisements disabled - manual action needed

If you are running trade advertisements on LocalBitcoins you may need to re-enable your LocalBitcoins advertisements.

Due to impact of OpenSSL updates on LocalBitcoins and the Internet, LocalBitcoins did not have valid Bitcoin market exchange rate data available. Because LocalBitcoins users price their advertisement based on different exchange rates they choose, and those exchange rates could not be read, the advertisement where disabled by an automatic process.

Go to your Dashboard on LocalBitcoins. If your advertisement shows a valid price, you can click Enabled / Disabled column to make your advertisement visible again.

Monday, March 10, 2014

Starting from today you can list the locations of Bitcoin ATMs (automatic teller machines) on LocalBitcoins. LocalBitcoins wants to see the Bitcoin ecosystem growing and we believe ATMs are one important part of in the process of making Bitcoin more consumer friendly.

Buying Bitcoins with cash is safe and easy making LocalBitcoins popular service among the first-time Bitcoin buyers. LocalBitcoins has cash trading activity already in 5000 cities, so advertising your Bitcoin ATM on the site brings good visibility for the machine.

Monday, March 3, 2014

Is your country going to war, and your national currency value is dropping like bomb? Or is your country in crisis, and the banks are implementing currency controls? Only able to withdraw $100 cash per day?

Monday, February 17, 2014

The Bitcoin ATM was succesfully used in
the Helsinki Bitcoin meetup to buy beer

We are happy to announce the first production batch of LocalBitcoins ATM's. The ATM allows both buying and selling BTC, and the cost is about half of that the cheapest model currently on the market. It also doesn't require internet connection by default, which makes it more robust and cost-effective than the competiting models.

You can easily buy and sell bitcoins from LocalBitcoins ATM using your LocalBitcoins wallet. When you buy, the machine generates a redeemable code for the fiat currency amount the user puts in. This code can be redeemed for bitcoins on LocalBitcoins.com with the floating rate specified per-ATM.

Selling is almost as simple: an user loads bitcoins to the LocalBitcoins wallet, goes to the ATM url. After that the user can specify, how much fiat he wants to withdraw. After submitting the sell request, the user gets deposit code for the specified fiat amount. Then the user inputs the code to the ATM, and the machine outputs the specified amount cash.

The ATM can be programmed to support over 100 different currencies. Very beneficial is the bank note recycler, which reduces maintenance needs for the machine.

The operator of the machine can specify the premiums, and therefore earn profit by the ATM usage. LocalBitcoins charges 1% fee from the transactions. LocalBitcoins itself doesn't operate the machines, but the LocalBitcoins traders.

The initial batch will be 5 pieces, for operated near Helsinki, Finland area only. The next batch after that will be considerably larger. The price for the first batch model is 1990 EUR + VAT. As these ATM's are experimental, LocalBitcoins will commit to a full refund when problems are found and the ATM is returned. Also the first batch orderers get 70% discount from the next batch if they return the first model.

Do you want to be a pioneer, and be the first to profit from the badly needed bitcoin liquidity injection? Send us a request using this form. If you are able to operate the ATM in Finland, or in nearby cities to Helsinki (Tallinn, Stockholm), you can be part of the initial 5 piece batch.

The first model of ATM is so small, that it can easily be transfered even in a metro

The concept was originally developed by bitcoinkiosk.com. LocalBitcoins.com bought the whole package in December 2013, and plans to mass-produce these ATM's at large scale. See the original video of operation (the current model includes a receipt printer, however).

Friday, January 10, 2014

Borja & Elvis managed to find a trader buying Bitcoin in South Africa! That means that the Bitcoin Africa tour is completed quite succesfully. Bitcoin knowledge was spread to many new countries. Exchanges were made at least in South Africa, Namibia, Togo, Morocco, Cameroon and others.

Wednesday, January 8, 2014

I've just poured some well-deserved love into the LocalBitcoins API, bumping it to version 3.0. Here's the beef (change log):

- Trade contact messaging, both reading and writing are now supported by the official API
- Trade contacts can be canceled and disputed when eligible
- Together with mark payment complete support recently these features complete the actions that can be done with existing contacts
- Ability to create new contacts with API is coming soon!
- Wallet API support. Balance can be read and recent transactions can be inspected. Bitcoins can be sent from the wallet using a special permission. Existing access tokens will not have send access, but new tokens can request this permission from the user.
- Ad editing API now has equivalent fields to the website form. There is a new ad creation API.
- Authentication code was overhauled